package cn.wildfirechat.app.shiro;

import cn.wildfirechat.app.GoogleAuthService;
import cn.wildfirechat.app.model.GoogleUser;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;

import javax.annotation.PostConstruct;

@Component
@Slf4j
public class GoogleTokenRealm extends AuthorizingRealm {
    
    @Autowired
    private GoogleAuthService googleAuthService;
    
    @PostConstruct
    void initRealm() {
        setAuthenticationTokenClass(GoogleAuthToken.class);
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        log.info("GoogleTokenRealm.doGetAuthenticationInfo called with token: {}", authenticationToken.getClass().getSimpleName());

        try {
            if (authenticationToken instanceof GoogleAuthToken) {
                String email = (String) authenticationToken.getPrincipal();
                String idToken = (String) authenticationToken.getCredentials();

                log.info("Processing Google authentication for email: {}", email);
                log.info("ID Token is null: {}", idToken == null);

                if (idToken == null || idToken.trim().isEmpty()) {
                    log.error("ID Token is null or empty");
                    throw new AuthenticationException("Google ID Token为空");
                }

                GoogleUser googleUser = googleAuthService.verifyIdToken(idToken);
                if (googleUser != null && googleUser.getEmail().equals(email)) {
                    log.info("Google token verification successful for email: {}", email);
                    return new SimpleAuthenticationInfo(email, idToken.getBytes(), getName());
                } else {
                    log.error("Google token verification failed for email: {}", email);
                    log.error("GoogleUser: {}", googleUser);
                    throw new AuthenticationException("Google登录验证失败");
                }
            }

            log.error("Token is not GoogleAuthToken: {}", authenticationToken.getClass());
            throw new AuthenticationException("不支持的认证类型");

        } catch (Exception e) {
            log.error("Exception in GoogleTokenRealm.doGetAuthenticationInfo", e);
            throw new AuthenticationException("Google认证过程中发生错误: " + e.getMessage());
        }
    }
}